Pages:
Author

Topic: [CLOSED] S.DICE - SatoshiDICE 100% Dividend-Paying Asset on MPEx - page 83. (Read 316363 times)

legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
October Statement

Bad news - October was a bad month for the house. Site lost 2,071 BTC. There is thus no October dividend for S.DICE (technically a dividend of 0.00000001 btc was paid today to mark the date)

Good news - Volume of bets is very strong, averaging 5,944 BTC per day in Oct.

Summary:
Earnings   -2,071
Hosting/Tech Expenses   70
  
Net Profit   -2141.07115151
10% MPEX Dividend   0.00000001  (one satoshi sent to mark the date)

Volume over past 30 Days   181,362.82
Actual Profit over past 30 Days  -2,023.94
Expected Profit over past 30 Days   3,445.89

Updated P&L: https://docs.google.com/spreadsheet/ccc?key=0Aiec3-Eo_yO5dG5SQklHZG4wRm1GMW9DRWpMMW5UQkE#gid=7

Players seem to be enjoying the new website, check it out if you haven't yet - SatoshiDICE.com

Also, incidence of stuck transactions has been greatly diminished after many little tweaks. Not perfect yet but far fewer transactions are getting stuck. As mentioned, all stuck transactions do pay out eventually. Nothing gets lost in the void.

Also, a fun new thing will be announced in about one week. Stay tuned!

Also, SatoshiDice will be shown in Macau at the end of November at an Asian gambling convention where myself and the BitInstant guys were invited to come speak. This should be pretty exciting both for SD as well as Bitcoin in general Wink
legendary
Activity: 2940
Merit: 1333
But really, I am not much for doing extra work for a few hundred dollars.  My regular job pays better.

I'm sure the amounts that could be made in the short term using such an attack are very attractive to some people.  Not everyone lives in a developed country and has a well paying job after all.
sr. member
Activity: 451
Merit: 250
Cool.  I'm going to try this when I get my half of the bitcoin network working.

I don't know if you're suggesting you need 51% of the network to carry out this attack, but you don't.  Even if you had just 1% you could carry out this attack about once per day.  You don't need the 1% yourself, either.  You can run a mining pool.  Play something like "lessthan 8000" rather than a 50/50 bet.  Then you don't end up throwing away many of the blocks your miners find for you.  But occasionally you'll win the "lessthan 8000" bet, in which case you just don't submit the block, and get to keep the winning bet.

The thing is, for a long time I was monitoring the Bitcoin network, looking specifically for double-spend attempts against Satoshi Dice, and didn't find a single one.

It could be that while I was monitoring, no double spends happened, but that recently they've started again.  I expect the site operators have a similar monitoring system in place, and would have shut down operations if they were being ripped off by such a scheme.  They are in an excellent position to know whether they are having an unusual number of large losing bets never confirming.  I very much doubt they would still be allowing 0-confirmation bets if they were seeing such an attack happening.

I was thinking I would have to be sitting there and see the block solve.  If so I would want to solve blocks fairly often so I don't spend much time waiting.  Of course I could automate the whole process.  I assume I would have to make a customized client anyway since I would need to withhold the block.  I didn't think of the pool idea.  This is just another thing we have to trust our pools with.

But really, I am not much for doing extra work for a few hundred dollars.  My regular job pays better.
hero member
Activity: 756
Merit: 522
It could be that while I was monitoring, no double spends happened, but that recently they've started again.  I expect the site operators have a similar monitoring system in place, and would have shut down operations if they were being ripped off by such a scheme.  They are in an excellent position to know whether they are having an unusual number of large losing bets never confirming.  I very much doubt they would still be allowing 0-confirmation bets if they were seeing such an attack happening.

Indeed, it seems that while the attack vector described might be viable, SDice could easily close the hole by requiring one (or two, or six) confirmations before processing bets. The fact that they have so far not done this would indicate they so far judge the cost of the attack lower than the burden the defense would impose on legitimate users.

(Note that despite my MPEx affiliation, I am not bringing any special knowledge or information, it just seems reasonable).
legendary
Activity: 2940
Merit: 1333
Cool.  I'm going to try this when I get my half of the bitcoin network working.

I don't know if you're suggesting you need 51% of the network to carry out this attack, but you don't.  Even if you had just 1% you could carry out this attack about once per day.  You don't need the 1% yourself, either.  You can run a mining pool.  Play something like "lessthan 8000" rather than a 50/50 bet.  Then you don't end up throwing away many of the blocks your miners find for you.  But occasionally you'll win the "lessthan 8000" bet, in which case you just don't submit the block, and get to keep the winning bet.

The thing is, for a long time I was monitoring the Bitcoin network, looking specifically for double-spend attempts against Satoshi Dice, and didn't find a single one.

It could be that while I was monitoring, no double spends happened, but that recently they've started again.  I expect the site operators have a similar monitoring system in place, and would have shut down operations if they were being ripped off by such a scheme.  They are in an excellent position to know whether they are having an unusual number of large losing bets never confirming.  I very much doubt they would still be allowing 0-confirmation bets if they were seeing such an attack happening.
sr. member
Activity: 451
Merit: 250
So the good news for you all is that you're kicking the site's ass in terms of winnings recently Wink

right now the site shows whether my wager will win or lose immediately.  but there are known methods of double spending with bitcoin.  these methods don't make sense in most instances, but to steal from satoshidice they make perfect sense.

here's how it could be done.  as a solo miner, I would construct a transaction that i include in my hashing but do not broadcast it to the network.

as soon as i get a block i hold the block and immediately send a 250 btc wager to satoshidice for the "less than 32,000" bet.  i would construct that wager transaction using the same input as was used in the transaction that was withheld in the mined block.  if that 250 btc bet wins, i then discard my mined block and see profit of more than 200 btc (250 btc winnings from satoshidice minus 50 btc lost by not submitting the mined block).      

but if the 250 btc bet sent to satoshidice didn't win, i then submit the mined block and get the 50 btc block reward.  the 250 btc wager will never confirm so i don't actually lose that.

the risk for me in doing this is that while the block is being withheld another miner (miner "b") solves the block at the same height and by the time i broadcast the block with the double spend in it, the rest of the network is already mining away to extend the block solved by miner "b".  in that rare instance i lose both my 50 btc block reward as well as my 250 btc spent on the bet that ended up losing.

but the profit of 200 btc means this can fail half the time and i still can profit handsomely from doing this.

satoshidice's best defense to this would probably be to not reveal the answer to winner/loser until there is one confirmation for any bets whose payouts would be above some threshold (like above the block reward subsidy level).

Cool.  I'm going to try this when I get my half of the bitcoin network working.
legendary
Activity: 873
Merit: 1000
So the good news for you all is that you're kicking the site's ass in terms of winnings recently Wink

right now the site shows whether my bet will win or lose immediately.  but there are known methods of double spending with bitcoin.  these methods don't make sense in most instances, but to steal from satoshidice they make perfect sense.

here's how it could be done.  as a solo miner, I would construct a transaction that i include in my hashing but do not broadcast it to the network.

as soon as i get a block i hold the block and immediately send a 250 btc wager to satoshidice for the "less than 32,000" bet.  i would construct that wager transaction using the same input as was used in the transaction that was withheld in the mined block.  if that 250 btc bet wins, i then discard my mined block and see profit of more than 200 btc (250 btc winnings from satoshidice minus 50 btc lost by not submitting the mined block).      

but if the 250 btc bet sent to satoshidice didn't win, i then submit the mined block and get the 50 btc block reward.  the 250 btc wager will never confirm so i don't actually lose that.

the risk for me in doing this is that while the block is being withheld another miner (miner "b") solves the block at the same height and by the time i broadcast the block with the double spend in it, the rest of the network is already mining away to extend the block solved by miner "b".  in that rare instance i lose both my 50 btc block reward as well as my 250 btc spent on the bet that ended up losing.

but the profit of 200 btc means this can fail half the time and i still can profit handsomely from doing this.

satoshidice's best defense to this would probably be to not reveal the answer to winner/loser until there is one confirmation for any bets whose payouts would be above some threshold (like above the block reward subsidy level).
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
Though the Bitcoin equities world is in a bit of chaos right now regarding GLBSE, here's a bit of good news... the new site is up and running at the live test URL:

http://src.satoshidice.com/rev2/

I'd love any feedback! We'll put this at SatoshiDice.com in a couple days.
Quote
aa17b0 bet 6346813.000 btc 23 hours ago - WIN
Right Roll Eyes.

LOL yeah I think that's a bug...  That, or I'm bankrupt forever Smiley
legendary
Activity: 1498
Merit: 1000
Though the Bitcoin equities world is in a bit of chaos right now regarding GLBSE, here's a bit of good news... the new site is up and running at the live test URL:

http://src.satoshidice.com/rev2/

I'd love any feedback! We'll put this at SatoshiDice.com in a couple days.

The counters, blink like they are reloading but they numbers don't change. They should blink if the number gets updated, if not then nothing should be done. Plus the red colors in the tabs, like recent, doesn't really fit with the green it is two different contrasts, that don't fit well together. Otherwise I like the site redesign.
legendary
Activity: 1246
Merit: 1077
Though the Bitcoin equities world is in a bit of chaos right now regarding GLBSE, here's a bit of good news... the new site is up and running at the live test URL:

http://src.satoshidice.com/rev2/

I'd love any feedback! We'll put this at SatoshiDice.com in a couple days.
Quote
aa17b0 bet 6346813.000 btc 23 hours ago - WIN
Right Roll Eyes.
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
Though the Bitcoin equities world is in a bit of chaos right now regarding GLBSE, here's a bit of good news... the new site is up and running at the live test URL:

http://src.satoshidice.com/rev2/

I'd love any feedback! We'll put this at SatoshiDice.com in a couple days.
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
Regarding the GLBSE mess, we'll need to wait and see how things play out. Ludvig (the passthrough operator) has said he plans to honor the contracts obviously, but we'll need GLBSE to provide him the database of owners. Ludvig is a great guy and I'll try to work with him wherever possible to take care of the GLBSE passthrough owners. I'll post more here when I know more.
hero member
Activity: 756
Merit: 522
Well fuck I really should have bought this on MPex and not glbse

Yeah. You know...the joker's market. True story.
sr. member
Activity: 411
Merit: 250
Are there any plans for what will happen with the pass-through shares?
member
Activity: 106
Merit: 10
Well fuck I really should have bought this on MPex and not glbse
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack

September's dividend of 206.53002089 BTC has been paid on MPEX
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
Okay, September is over! The stats are now updated on the spreadsheet:  https://docs.google.com/spreadsheet/ccc?key=0Aiec3-Eo_yO5dG5SQklHZG4wRm1GMW9DRWpMMW5UQkE

Summary:
Earnings   2115.30020995
Hosting/Tech Expenses   50
   
Net Profit   2065.30020995
10% MPEX Dividend   206.530020995

Volume over past 30 Days   228,279.18
Actual Profit over past 30 Days   2,115.30
Expected Profit over past 30 Days   4,337.30

From the numbers, you can see that players did statistically better than they should have this month (good for them!). Based on volume of SatoshiDICE bets, the site was expected to earn 4,337 BTC, but only earned 2,115 BTC. The dividend would have been roughly double the size if we had statistically matched expectations.

September was the second-strongest month ever in terms of bet volume, after last month's record-breaking performance.

Moving into October, the new site is extremely close (day or two) to being live, and a special announcement still remains that is 1-2 weeks away.

Thank you to all the asset holders, both on MPEX and the GLBSE passthrough. I will be paying the dividend tomorrow (Tuesday)... if you buy shares before I pay it you get an immediate return of about 7.5% APY Wink

Cheers,
-Erik
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
Quick Update:

The new site should be live within 2 weeks, I hope everyone is excited for it Smiley

Also, there's another special announcement which will be made around the same time - should be very good for owners of S.DICE
hero member
Activity: 756
Merit: 522
It's not that hard really: you go to satoshidice.com and click where you see the word IPO in blue and underlined. Those are usually links on the interwebs.
At that link you will find a few nuggets of information, like the contract, a prospectus, the total dividend paid (786.15699996).

Since the total shares issued is 10 million and the owner blocks for sale add up to 6`938`859, you can work out the total dividend paid to 3rd party investors on MPEx to 240.65374250 BTC. The GLBSE passthrough holders together count for a little over 10% of that, hence the 40ish BTC payment that made its way there.
legendary
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
FYI - Cross-posting this for our shareholders... (from the SD developer)

I would like to explain a recent bug that has been plaguing our system and how it was corrected.

In our system we have a database of all transactions that relate to Satoshidice.   We also track their status (pending, confirmed, unknown).  We get a handful of transactions that were broadcast but never end up confirming.  After 24 to 48 hours we delete them from our system and move on.  There was an issue where the status of the transactions was not being recorded correctly.  So we would occasionally delete a transaction thinking it was hopeless when it actually confirmed some time ago.  Then the outputs spend for that transaction would be marked available and used to pay other transactions.  The more I ran the recovery process to clean things up, the more of these ended up getting created.

Now I have a separate safety check that checks an external repository of confirmed transactions before deleting anything.  This has been running for about 3 days and seems to work very well.

The other thing that happened that led to a large amount of unconfirming transactions was around Sept 8th we ran out of confirmed funds.  We try to always pay winners with confirmed outputs so there is no problem getting them confirmed and they are not dependent on anyone else's transactions.  Well, we ran out of confirmed and started paying with pending funds.  This of course didn't go well and a bunch of payment transactions had to be deleted and reprocessed.

We of course have alarms on confirmed funds and were notified as it was going down but Erik was traveling and I don't have access to the reserve funds so there was not much I could do, other than later run the recovery and cleanup tasks to get everyone paid.
Pages:
Jump to: